This Privacy Policy discloses the privacy practices of SecurityReview Corp, a Corporation, and applies to website www.securityreview.ai and other Security Review Corp websites and mobile applications (collectively, the "Site"), and without limitation various related online and/or mobile services provided on or in connection with this Site. This Privacy Policy explains what information of yours and others will be collected by us when you use the Site, how the information will be used, and how you can control the collection, correction and/or deletion of information.
SecurityReview.ai is an AI-powered platform designed to automate security design reviews, threat modelling, and compliance assessments, streamlining traditionally manual processes and integrating with third-party tools such as Jira, Confluence, and Google Docs to enhance organizational security workflows. SecurityReview.ai is a systematic, AI-powered security risk assessment tool that integrates with your existing tools and processes to help teams proactively identify, prioritize, and resolve security risks.
The use of data collected by us under this policy shall be limited to the scope defined hereunder, in furtherance of the same and to be able to better serve our customers/users.
This Privacy Policy forms an integral part of our Terms of Use, and by accessing or using our Services, you agree to be bound by all of its terms and conditions. If you do not agree to these terms, please do not access, or use the Service. Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Use or in any other contractual document between you and us.
We process personal data in order to perform our core functions, deliver services effectively, provide technical and user support, and improve your overall experience with the Platform. When you request a demo, subscribe to our services, connect third-party tools, upload content, or otherwise actively engage with the Platform, we collect and process data, including but not limited to your name, email address, job title, organization name, telephone number, and any other information you voluntarily provide.
We do not collect or store credit card or direct payment information on this Platform. All payment processing is handled securely through third-party providers.
In addition, as part of the standard operation of the Platform, we may automatically collect certain technical and usage information from your browser or device. This includes, but is not limited to, your browser type, operating system, IP address, device type, access times, pages visited, time spent on pages, clicks, and search actions. If you access the Platform via a mobile device, we may collect additional information such as device identifiers (e.g., MAC Address, advertising ID), mobile carrier, device model, and location data (where permitted).
We process data in order to effectively perform our role and provide support to you. When you request information, subscribe for a service, participate in a survey, post a rating or review, post a question or answer, upload content or otherwise actively send us data on our Site, we collect such data including, but not limited to, your user name, password, first and last name, email address, telephone number (including mobile phone number), street address, gender, occupation, interests, and any other data. We do not collect any credit card information or payment data through this Platform.
We will store this information on our equipment or the equipment of third parties that we have a relationship with for that purpose.
We collect the following information:
User Identification Data:
Names, email addresses, or usernames of:
- Authors or contributors of documents
- Assignees in Jira issues
- Users mentioned in comments or metadata
Role or Organizational Metadata:
- User roles and responsibilities (to map findings to "the right role")
- Team or department assignments
- Access levels (to tailor recommendations or restrict views)
Communication & Collaboration Data:
Comments, change logs, and discussions from:
- Google Docs
- Confluence pages
- Jira tickets
These may include personal opinions, identifiers, or sensitive internal context.
Behavioral or Usage Data (if analytics/tracking is enabled):
- Login/logoff timestamps
- Activity within the platform
- Interaction with review outcomes or dashboards
We are committed to safeguarding your privacy and therefore collect the minimum data required for us to perform our role and provide the required support.
Sensitive personal data (e.g., health, financial, biometric) unless those are present in documents it scans
Customer/user data unrelated to the architecture or systems under review, unless that data is embedded in the materials
We may use any personal information collected under this Privacy Policy (“Personal Information”) for the following purposes:
Analyzing System Design & Architecture for Risks
- Purpose: To understand how your systems are structured, how data flows, and where potential vulnerabilities might lie.
- Data Used: Architecture docs, system specs, Jira tickets, Confluence pages.
- Outcome: Generate security findings based on real dependencies, integrations, and data paths.
Identifying Who Is Responsible
- Purpose: To map specific security risks to the right individuals or teams for resolution.
- Data Used: Usernames, roles, team structures from metadata in Jira, Confluence, and Google Docs.
- Outcome: Assign issues to the relevant people automatically, reducing coordination delays.
Prioritizing Risks Based on Context
- Purpose: To help teams focus on what matters most.
- Data Used: Severity of system components, business impact from documentation, ownership metadata.
- Outcome: Risks are ranked by impact, with clear reasoning, so you can triage efficiently.
Making Reviews Transparent and Trackable
- Purpose: To create a unified, auditable view of security posture over time.
- Data Used: Document version histories, Jira statuses, change logs, user activity.
- Outcome: Shows who did what, when, and what’s still pending — useful for compliance, accountability, and coordination.
Reducing Redundancy and Enabling Reuse
- Purpose: To avoid duplicating effort across reviews or teams.
- Data Used: Previously analyzed documents, stored logic, tribal knowledge, common patterns.
- Outcome: Standardized, repeatable security assessments across projects.
To contact you with service-related messages, support responses or other communications that further our contractual relationship with you.
Provide any other services opted for by the User.
Any personal data you share with SecurityReview.ai may be transferred to or shared with affiliated entities or service partners solely for the purpose of providing you with the requested services and enhancing the platform’s functionality. By using the platform, you consent to such transfers and acknowledge that the services cannot be provided without them. If you do not agree to this, please refrain from using the platform.
In addition to the other uses and disclosures of information set forth in this Privacy Policy, and notwithstanding anything in this Privacy Policy to the contrary, we may use and disclose, for any purpose, any information that does not identify you as a specific individual (“Non-Personal Information”), except where we are required to do otherwise under applicable law. Such Non-Personal Information may include, for example and without limitation: MAC addresses and other device identifiers; IP addresses; pixel tags and similar technologies; physical location information; and demographic information, including gender, dates of birth, ZIP codes, etc. Non-Personal Information may also include Personal Information that has been aggregated or deidentified. If we combine any Non-Personal Information with Personal Information (such as combining your ZIP code with your name), then we will only use and disclose such combined information for the purposes described in this Privacy Policy while it is so combined. If we are required to treat Non-Personal Information as Personal Information under applicable law, then we may use and disclose it for all the purposes for which we use and disclose Personal Information.
We may use other companies, including affiliates and third parties, to perform services in connection with our operations, and to improve the Site and our other products and services. These third parties may include (but are not limited to) service providers and vendors.
In the course of providing these services, those companies may have access to Personal Information, and such Personal Information may be transferred to other countries. Those companies are contractually required to treat such Personal Information in accordance with this Privacy Policy. Please also be aware that we may use third-party cloud service providers that provide hosting, data storage and other services pursuant to standard terms and conditions that may be non-negotiable. These service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures. However, we will not be liable (to the fullest extent permitted by law) for any damages that may result from the misuse of any information, including Personal Information, by these companies.
You may also use certain third-party sites or services that you find links to on this Site. In such cases, all information you provide to a third party is provided to that third party and not to us and is subject to the third party’s privacy policy and terms of service.
All information you provide to us is stored on our secure servers behind firewalls. Any sensitive data will be encrypted.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and keep your account information secure. We urge you to be careful about giving out information in public areas of the Site like message boards.
Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personally Identifiable Information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.
In the event that Personal Information is compromised as a result of a breach of security, we will promptly notify those persons whose Personal Information has been compromised, in accordance with the notification procedures set forth in this Privacy Policy or as otherwise required by applicable law.
You should be aware that when Personally Identifiable Information is voluntarily disclosed (i.e. your name, email address, etc.) in the discussion forums or other public areas on this Site, that information, along with any information disclosed in your communication, can be collected and used by third parties and may result in unsolicited messages from third parties. Such activities are beyond our control and this Policy does not apply to such information. Any submissions to public areas on this Site are accepted with the understanding that they are accessible to all third parties. If you do not want your comments to be viewed by third parties, you are advised not to make any submissions. Ultimately, you are solely responsible for maintaining the secrecy of your password and/or account information. Please be careful and responsible whenever you're online.
Our Service includes social media features, such as the Facebook Like button and Widgets, and the Share this button or interactive mini programs that run on our Service. These features may collect your IP address, which page you are visiting on our Service, and may set a cookie to enable the Feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Service. Your interactions with these features are governed by the privacy policy of the company providing such features.
When you use our application or visit our website a small data file is sent to your individual web browser. These are called cookies. They are used to make the website/application work more efficiently. Cookies do not personally identify users and collect only non-personal data. This cookie policy is applicable to our website, application, communication, mobile, etc.
Any person visiting our site may receive cookies from us or cookies from third parties such as customers, partners or service providers. We may also use Pixels, local storage and other similar tracking technology.
These technologies are used for Authentication, i.e., to identify you and verify your details, to enable and support our security features, preference features and services, customized content, advertising, performance, analytics, and research. You have the option to reject such cookies.
We reserve the right to change this Privacy Policy at any time. Such changes, modifications, additions or deletions shall be effective immediately upon notice thereof, which may be given by means including, but not limited to issuing an email to the email address listed by registered users and/or a notification on the Site and posting the revised Policy on our Site. You acknowledge and agree that it is your responsibility to maintain a valid email address as a registered user.
You shall review this Site and its Policy periodically, to be aware of any modifications. Your continued use of the Service after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by the modified Privacy Policy.
Management of Personal Information:
We have well-trained staff who are trained to respect confidentiality and are well equipped with an understanding of privacy laws in the United States of America and abroad. The user data is safe with us and will be managed in accordance with this policy.
It is our goal to make sure that the information that we hold is accurate and up to date. It is therefore imperative that the User informs us when the User’s personal information changes.
Alteration of Data/Information:
- We can update or delete your data whenever necessary. If it is brought to our knowledge that your information has been uploaded to our platform without your consent, we shall initiate the process of deletion of that data as soon as we become aware of such fact.
- If after giving consent to uploading data, you wish to withdraw consent, we shall respect your wishes and delete your Personal Information so long as it does not hamper other data collected by us or interfere with the data of others.
- You can access data not visible to you after making an application to our Data Protection Officer especially appointed in this regard or through additional means as provided on the platform, but to do so you must have some reasonable grounds. The information regarding such Data Protection Officer has been given below.
- You have the right to object to any type of data processing that we follow.
Access to personal information:
- When you request access to personal information or want personal information to be updated or deleted, we shall only process such a request upon verification of your identity. This is to protect the personal information stored with us and to deter against fraud.
- All requests shall only be entertained if they are sent to the Data Protection Officer designated for the purpose or processed through the automated system provided in the platform.
Right to be forgotten
Any request pertaining to the right to be forgotten needs to be made to our Data Protection Officer in writing. We will do all we reasonably can to fulfill your request.
To request removal of your Personal Information from our blog, community forums, or testimonials, contact our Data Protection Officer at abhay@we45.com. All requests must be made in writing to our Data Protection Officer and must be reasonable. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
Except as otherwise discussed in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. Other websites accessible through our Site have their own privacy policies and data collection, use and disclosure practices. Please consult each website's privacy policy. We are not responsible for the policies or practices of third parties. Additionally, other companies which place advertising on our Site may collect information about you when you view or click on their advertising through the use of cookies. We cannot control this collection of information. You should contact these advertisers directly if you have any questions about their use of the information that they collect.
It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business-related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our Site, as determined by us at our sole discretion. We reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Privacy Policy.
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this Site, please contact us at: abhay@we45.com.